
USING ONLINE JOB POSTINGS TO ANALYZE DIFFERENCES IN SKILL REQUIREMENTS OF INFORMATION SECURITY CONSULTANTS: SOUTH KOREA VERSUS UNITED STATES

Sung-Kyu Park, Department of Information Security Management, Chungbuk National University, Cheongju, South Korea
Hyo-Jung Jun, Department of Management Information Systems, Chungbuk National University, Cheongju, South Korea
Tae-Sung Kim, Department of Management Information Systems, Chungbuk National University, Cheongju, South Korea

Abstract

The disproportionate supply/demand ratio of information security consultant manpower is worsening yearly. It is necessary to analyze the specialized knowledge and skills required of information security consultants in fulfilling their job responsibilities, and to reflect the findings in developing and operating training programs. To identify the job requirements of information security consultants across industries, the present paper comparatively analyzed job descriptions posted on the monster.com and jobkorea.co.kr sites. Based on the analysis results, the present study defined the job requirements and selected certain items of knowledge and skills valued across industries to help lay the foundation for training programs conducive to demand-oriented manpower cultivation.

Keywords: Information Security Consultant Manpower, Contents Analysis, Job Requirement, Knowledge and Skills

1 INTRODUCTION

Intruders leaking personal information and hackers targeting confidential information are becoming ever more intelligent and sophisticated. By contrast, the failure to supply, in a timely manner, information security professionals capable of taking proper defensive countermeasures throughout society increases potential threats. This imbalance between manpower supply and demand in the field of information security undermines the local information security industry, raising concerns over the likelihood of security incidents in wider society.

According to the 2012 Information Security Manpower Supply and Demand Survey and Outlook published by the KISA (Korea Internet and Security Agency), the disproportionate supply/demand ratio of security manpower is worsening yearly. The report foresees that by 2017 the shortage will amount to as many as 3,660 workers. Also, the KISA's 2012 Manpower Supply and Demand Survey per Information Security Job report describes the status of manpower shortage in information security (31% in information security consulting, 21% in R&D, 18% in strategic planning and 9.7% in emergency response, in the order named), suggesting information security consultants are most in demand and calling for responsive action.

Against the backdrop of such an extended imbalance between manpower supply and demand, oversupply as well as excessive demand is likely to arise if imprudent measures are taken to control the imbalance without grasping the exact qualifications and levels that government and industry require of the manpower. Therefore, it is urgent to map out a training system fit for the rapidly changing demand from industry and to cultivate manpower accordingly in the field of information security, given the shifting trends of knowledge and skills and the expansive applications across industries.
Thus, it is necessary to analyze the specialized knowledge and skills required of information security consultants in fulfilling their job responsibilities, and to reflect the findings in developing and operating training programs. In this context, the case of the United States (US), which accounts for over 75% of the global market in information security, is well worth investigating. In the US, cultivating and training manpower in information security is part of the country's information security policies and is regarded as highly important. Hence, the present paper analyzed the data of recruitment ads for information security consultants posted on US and Korean job sites. The collected job postings described the fundamental competencies information security consultants need to carry out their responsibilities, specifying the skills and knowledge required in the field. Based on the analysis results, the present study defined the job requirements of information security consultants and selected certain items of knowledge and skills valued across industries to help lay the foundation for training programs conducive to demand-oriented manpower cultivation.

2 LITERATURE REVIEW

2.1 Analysis of skill requirements in job postings

Todd et al. (1995) researched the shifting trends in the combinations of skill requirements in recruitment ads from the 1970s to the 1990s, particularly with regard to programmers, analysts and information system managers. Debrah & Reid (1998) identified skills required of professionals equipped with internet-related specialized knowledge for their effective functioning within organizations. They reported Singaporean companies had difficulties recruiting internet specialists due to the short supply and high demand, but most job postings asked for degrees, certificates (96%) and experiences (92%), which could be explained by the arbitrary definitions of internet skills.
Debrah & Reid (1998) identified internet skills by classifying relevant jobs in recruitment ads into TCP/IP and other internet business. Via content analysis and interviews, they identified 5 internet-related works and 6 internet job titles, and derived the titles of position, job descriptions and job specifications. Wade & Parent (2002) compared the effects of the organizational skills and technical skills of webmasters on their work performance, and suggested that a balance between the two skills would have positive effects on webmasters' work performance and that disproportionate consideration of, or indifference to, either skill would undermine their outcomes. Gallivan et al. (2004) analyzed the trends of job skills required of IT professionals, foretelling future demands for jobs and skills. Choi (2008) examined the job postings for librarians to analyze the specific types and levels of IT required, and found that a range of IT knowledge and skills was required on account of differentiated segments including administration, operation, references and acquisition arrangement. Prabhakar et al. (2005) analyzed online job postings on Monster.com and classified job skills required of IT professionals into 3 groups, viz. Programming, Operating Systems and Database ERP E-commerce Server.

2.2 Knowledge and skills required of information security consultants

To derive the specialized knowledge and skills required of information security consultants for their job performance, previous studies on knowledge and skills in the fields of information security and information systems were analyzed. Most prior studies classified the manpower into academia, industry or engineers and managers, and presented knowledge and skills necessary for the curriculum of information security. Jun et al. (2008) defined the information security specialists, and surveyed the employees in information security companies and other businesses on their perception of the extent of knowledge and skills required of 4 job groups. Cockcroft (2002) proposed and discussed risk management, disaster recovery, business continuity planning, security architecture, laws and security strategies intended for graduate courses. Logan (2002) linked information security-related knowledge and skills to undergraduate curriculums and proposed security management, security architecture and modelling, business continuity planning and laws. Irvine et al. (1998) asserted engineering majors should learn information security subjects, proposing 7 knowledge items and skills including cyber laws, communication skills and interpersonal relationships. Lee et al. (1995) categorized knowledge and skills required of IT personnel into four segments, viz. information technology, technical management, business and interpersonal relationships.
Wright (1998) proposed 8 areas of security-related knowledge including cyber ethics and laws, information security measures and analysis of security vulnerabilities. Yen et al. (2003) proposed knowledge and skills required across industries such as appreciation of goals and strategies in the management environment, maintaining close customer relations, word processing and presentation skills, interpersonal relationships and communication skills. Trauth et al. (1993) elucidated knowledge and skills required of information system specialists, and surveyed information system administrators, end-user managers, information system consultants and information system faculty. They presented such knowledge and skills as information system skills including database development and information security skills, and management skills including fulfilment and business environment analysis.

3 RESEARCH METHOD

The present paper comparatively analyzed the education, experiences, annual salaries and certificates required of information security consultants in the collected recruitment ads in both countries. Based on the public awareness of free non-membership-based recruitment sites in the US, was analyzed weekly for three months from May to August, Also, over the same period, South Korea's best job site with over 3 million members was analyzed. Search conditions such as full-time worker and no limitations on workplace location/commuting distance were set. The search keyword was Security Consultant. Such data items as position, career, company name, education, experience, job description, annual salary and certificate were collected. The search results were reviewed to eliminate recurring or overlapping postings over the three months. In total, 110 and 212 data items of recruitment ads were collected on monster.com and jobkorea.co.kr respectively for the comparative analysis.
4 DATA ANALYSIS AND RESULTS

In view of the educational requirements of information security consultants in the US and South Korea, the US and Korean companies proved to prefer applicants with bachelor's degrees and associate degrees, respectively. As for experience, the US businesses called for a specific number of years, with over 30% of American companies intending to hire skilled workers with at least five years' experience, whereas around 45% of Korean job postings were looking for those with no more than

[Table 5. Group-specific Education and Experience Requirements. Row group shown: Information Security Management (ISM). Columns: Education Level (Master/MBA, Bachelor's Degree, Associate Degree, High School Diploma), Years of Experience, and Certification with Frequency for Monster.com (US) and Jobkorea.co.kr (South Korea).]

5 CONCLUSION

To identify the job requirements of information security consultants across industries, the present paper comparatively analyzed job descriptions posted on local and overseas job sites. In short, in the US, the job titles relevant to information security consulting were specified in line with such fields as network, application, system and vulnerability, each of which required applicants to have relevant experience, education, skills and certificates. In South Korea, the requirements proved to be simply sub-divided into managerial and technical parts, and mixed with those for technical sales and marketing associated with information security products. In contrast to the US, the non-technical skills (NTS) group was seen frequently in South Korea, which indicates applicants should be equipped with the knowledge underlying not only information security consulting but also seamless business performance with clients and organizational members.

Based on the analysis findings, in order to successfully cultivate talent pools of local information security consultants, it is necessary to design and operate training programs conducive to developing fundamental competencies and skills encompassing presentation, word processing, problem solving, interpersonal relations and communication skills as well as the job requirements per group defined here. This study has limitations in that it takes time and effort to collect information from recruitment ads and organize data for more accurate analysis results. To address such limitations, the present study designed and implemented a web crawler collecting job postings.
Table 6 shows the specifics of the web crawler developed here. Delphi XE6 was used to develop the web crawler application for Windows. To retain and manage the data in a database, Apache and MySQL were installed on a CentOS 6.5 server. The web crawler operates in the following steps. First, the URLs of the job sites of interest and the search keywords are set up. Second, the URLs of the list pages of search results and those of the pages describing each recruitment ad are collected and stored in the database. Both kinds of URL are collected here to avoid any overlapping URLs. Third, the job requirements on the pages describing recruitment ads are parsed and 11 requirement items are saved in the DB. Once the requirements are stored in the DB, the field in the DB table where URLs are stored is updated from 0 to 1, so that the data for a field marked as 1 will not be collected again. Fourth, the collected DB files can easily be transformed into CSV or MS Excel files with the HeidiSQL tool for analysis. Currently, revising and debugging is underway with the completed beta version applicable to Jobkorea.co.kr, chosen as the test site. In the near future, another web crawler will be developed and customized for a different job site. Future studies will draw on the web crawler for analysing a broader spectrum of data sets, and establish specific skill and knowledge components needed for fostering and training information security consultants by standardizing (coding) such skill and knowledge items for each group.
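
The collection steps described above, sketched as an added example that is not the authors' crawler: it uses Python with an in-memory SQLite database in place of Delphi and MySQL. The site URL, the page contents and the five field names are constructed for illustration, standing in for the paper's 11 requirement items.

```python
import csv, io, re, sqlite3

BASE = "https://jobs.example"  # hypothetical job site (step 1: site and keyword set-up)
FIELDS = ("position", "company", "education", "experience", "certificate")
# Constructed pages standing in for HTTP responses, so the example runs offline.
PAGES = {
    BASE + "/list?p=1": '<a href="/ad/101">a</a> <a href="/ad/102">b</a>',
    BASE + "/list?p=2": '<a href="/ad/102">b</a> <a href="/ad/103">c</a>',
    BASE + "/ad/101": "position: Security Consultant\ncompany: Acme\n"
                      "education: Bachelor\nexperience: 5\ncertificate: CISSP",
    BASE + "/ad/102": "position: Security Consultant\ncompany: =SUM(A1)\n"
                      "education: Associate\nexperience: 2\ncertificate: N/A",
    BASE + "/ad/103": "position: Network Security Consultant\ncompany: Initech\n"
                      "education: Bachelor\nexperience: 3\ncertificate: CISA",
}

def open_db():
    db = sqlite3.connect(":memory:")
    # PRIMARY KEY on url rejects overlapping URLs; done is the 0/1 collected flag.
    db.execute("CREATE TABLE urls (url TEXT PRIMARY KEY, kind TEXT, done INTEGER DEFAULT 0)")
    db.execute("CREATE TABLE ads (url TEXT PRIMARY KEY, %s)" % ", ".join(f + " TEXT" for f in FIELDS))
    return db

def collect_urls(db, list_urls):
    """Step 2: store list-page and ad-page URLs; return how many ad URLs were new."""
    new = 0
    for list_url in list_urls:
        db.execute("INSERT OR IGNORE INTO urls (url, kind) VALUES (?, 'list')", (list_url,))
        for path in re.findall(r'href="(/ad/\d+)"', PAGES[list_url]):
            cur = db.execute("INSERT OR IGNORE INTO urls (url, kind) VALUES (?, 'ad')", (BASE + path,))
            new += cur.rowcount  # 0 when the URL was already stored
    return new

def parse_pending(db):
    """Step 3: parse only ads whose flag is 0, save the fields, then set the flag to 1."""
    pending = [r[0] for r in db.execute("SELECT url FROM urls WHERE kind='ad' AND done=0")]
    for url in pending:
        found = dict(re.findall(r"^(\w+): (.*)$", PAGES[url], re.M))
        row = [url] + [found.get(f, "") for f in FIELDS]
        # Scraped text is untrusted input: bind it as parameters, never splice it into SQL.
        db.execute("INSERT OR REPLACE INTO ads VALUES (%s)" % ",".join("?" * len(row)), row)
        db.execute("UPDATE urls SET done=1 WHERE url=?", (url,))
    db.commit()
    return len(pending)

def export_csv(db):
    """Step 4: dump the ads as CSV, prefixing cells a spreadsheet would treat as formulas."""
    out = io.StringIO()
    w = csv.writer(out, lineterminator="\n")
    w.writerow(("url",) + FIELDS)
    for row in db.execute("SELECT * FROM ads ORDER BY url"):
        w.writerow(["'" + c if c[:1] in ("=", "+", "-", "@") else c for c in row])
    return out.getvalue()
```

Running `collect_urls` and `parse_pending` a second time does no work, which is the effect of the unique URL column and the 0-to-1 flag.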
